[ARVADOS] updated: 016ecd4c969e5bfa560702843c8e381eb3a33060

git at public.curoverse.com git at public.curoverse.com
Thu Oct 23 17:32:13 EDT 2014


Summary of changes:
 doc/_includes/_skip_sso_server_install.liquid         |  6 ++++++
 doc/install/install-api-server.html.textile.liquid    | 17 ++++++++++++++++-
 doc/install/install-keep.html.textile.liquid          |  2 ++
 doc/install/install-sso.html.textile.liquid           | 15 +++++++++++++++
 doc/install/install-workbench-app.html.textile.liquid |  9 ++++++++-
 5 files changed, 47 insertions(+), 2 deletions(-)
 create mode 100644 doc/_includes/_skip_sso_server_install.liquid

       via  016ecd4c969e5bfa560702843c8e381eb3a33060 (commit)
       via  091d56d4e04e5b1051787fdfcc27dd1d5a6f0ec7 (commit)
       via  95b0d8142d04199eae27eea17e4a5353d6e3f141 (commit)
       via  0311a59f177bd18fb46fc0ceefde5fc9ad07af63 (commit)
       via  93ffb7c3e8c369a1ee7d5f8da08c92ee478f5ea4 (commit)
      from  fcfd4428e2889ceb847b64b0819207c421de1abd (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 016ecd4c969e5bfa560702843c8e381eb3a33060
Merge: fcfd442 091d56d
Author: Ward Vandewege <ward at curoverse.com>
Date:   Thu Oct 23 17:32:00 2014 -0400

    Merge branch '4186-install-doc-improvements'
    
    refs #4186


commit 091d56d4e04e5b1051787fdfcc27dd1d5a6f0ec7
Merge: 95b0d81 fcfd442
Author: Ward Vandewege <ward at curoverse.com>
Date:   Thu Oct 23 17:31:38 2014 -0400

    Merge branch 'master' into 4186-install-doc-improvements


commit 95b0d8142d04199eae27eea17e4a5353d6e3f141
Author: Ward Vandewege <ward at curoverse.com>
Date:   Thu Oct 23 16:58:53 2014 -0400

    Add install dependencies for the SSO server.
    
    refs #4186

diff --git a/doc/install/install-sso.html.textile.liquid b/doc/install/install-sso.html.textile.liquid
index cac720b..178673a 100644
--- a/doc/install/install-sso.html.textile.liquid
+++ b/doc/install/install-sso.html.textile.liquid
@@ -6,6 +6,19 @@ title: Install Single Sign On (SSO) server
 
 {% include 'skip_sso_server_install' %}
 
+h2(#dependencies). Install dependencies
+
+You need to have ruby 2.1 or higher and the bundler gem installed.
+
+One way to install those dependencies is:
+
+<notextile>
+<pre><code>~$ <span class="userinput">\curl -sSL https://get.rvm.io | bash -s stable --ruby=2.1</span>
+~$ <span class="userinput">gem install bundler
+</span></code></pre></notextile>
+
+h2(#install). Install SSO server
+
 <notextile>
 <pre><code>~$ <span class="userinput">cd $HOME</span> # (or wherever you want to install)
 ~$ <span class="userinput">git clone https://github.com/curoverse/sso-devise-omniauth-provider.git</span>

commit 0311a59f177bd18fb46fc0ceefde5fc9ad07af63
Author: Ward Vandewege <ward at curoverse.com>
Date:   Thu Oct 23 16:29:31 2014 -0400

    Explain the Keepstore's -permission-key-file argument and API server's
    blob_signing_key configuration value.
    
    refs #4186

diff --git a/doc/install/install-api-server.html.textile.liquid b/doc/install/install-api-server.html.textile.liquid
index ad991de..e1de8c3 100644
--- a/doc/install/install-api-server.html.textile.liquid
+++ b/doc/install/install-api-server.html.textile.liquid
@@ -78,6 +78,8 @@ Generate a new secret token for signing cookies:
 zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
 </code></pre></notextile>
 
+If you want access control on your Keep server(s), you should set @blob_signing_key@ to the same value as the permission key you provided to your "Keep server(s)":install-keep.html.
+
 Put it in @config/application.yml@ in the production or common section:
 
 <notextile>
diff --git a/doc/install/install-keep.html.textile.liquid b/doc/install/install-keep.html.textile.liquid
index d46e4cc..20670f3 100644
--- a/doc/install/install-keep.html.textile.liquid
+++ b/doc/install/install-keep.html.textile.liquid
@@ -35,6 +35,8 @@ Usage of keepstore:
 </code></pre>
 </notextile>
 
+If you want access control on your Keep server(s), you should provide a permission key. The @-permission-key-file@ argument should contain the path to a file that contains a single line with a long random alphanumeric string. It should be the same as the @blob_signing_key@ that can be set in the "API server":install-api-server.html config/application.yml file.
+
 Prepare one or more volumes for Keep to use. Simply create a /keep directory on all the partitions you would like Keep to use, and then start Keep. For example, using 2 tmpfs volumes:
 
 <notextile>

commit 93ffb7c3e8c369a1ee7d5f8da08c92ee478f5ea4
Author: Ward Vandewege <ward at curoverse.com>
Date:   Thu Oct 23 15:59:23 2014 -0400

    First set of improvements:
    
    * Suggest skipping SSO server installation for now, until we upgrade that codebase
    
    * Be more explicit about the desired values for arvados_login_base and
      arvados_v1_base in the workbench installation instructions.
    
    refs #4186

diff --git a/doc/_includes/_skip_sso_server_install.liquid b/doc/_includes/_skip_sso_server_install.liquid
new file mode 100644
index 0000000..a5c1511
--- /dev/null
+++ b/doc/_includes/_skip_sso_server_install.liquid
@@ -0,0 +1,6 @@
+<div class="alert alert-block alert-info">
+  <button type="button" class="close" data-dismiss="alert">×</button>
+  <h4>Note!</h4>
+  <p>The SSO server codebase currently uses OpenID 2.0 to talk to Google's authentication service. Google <a href="https://developers.google.com/accounts/docs/OpenID2">has deprecated that protocol</a>. This means that new clients will not be allowed to talk to Google's authentication services anymore over OpenID 2.0, and they will phase out the use of OpenID 2.0 completely in the coming monts. We are working on upgrading the SSO server codebase to a newer protocol. That work should be complete by the end of November 2014. In the mean time, anyone is free to use the existing Curoverse SSO server for any local Arvados installation. Instructions to do so are provided on the "API server":install-api-server.html page.</p>
+  <p><strong>Recommendation: skip this step</strong></p>
+</div>
diff --git a/doc/install/install-api-server.html.textile.liquid b/doc/install/install-api-server.html.textile.liquid
index 3b39835..ad991de 100644
--- a/doc/install/install-api-server.html.textile.liquid
+++ b/doc/install/install-api-server.html.textile.liquid
@@ -124,7 +124,20 @@ Set up omniauth:
 <pre><code>~/arvados/services/api$ <span class="userinput">cp -i config/initializers/omniauth.rb.example config/initializers/omniauth.rb
 </code></pre></notextile>
 
-Edit @config/initializers/omniauth.rb at . Set @APP_SECRET@ to the value of @app_secret@ from "installing the single sign on server":install-sso.html .
+Edit @config/initializers/omniauth.rb@, and tell your api server to use the Curoverse SSO server for authentication:
+
+<notextile>
+<pre><code>APP_ID = 'local_docker_installation'
+APP_SECRET = 'yohbai4eecohshoo1Yoot7tea9zoca9Eiz3Tajahweo9eePaeshaegh9meiye2ph'
+CUSTOM_PROVIDER_URL = 'https://auth.curoverse.com'
+</code></pre></notextile>
+</pre>
+
+<div class="alert alert-block alert-info">
+  <button type="button" class="close" data-dismiss="alert">×</button>
+  <h4>Note!</h4>
+  <p>You can also run your own SSO server. However, the SSO server codebase currently uses OpenID 2.0 to talk to Google's authentication service. Google <a href="https://developers.google.com/accounts/docs/OpenID2">has deprecated that protocol</a>. This means that new clients will not be allowed to talk to Google's authentication services anymore over OpenID 2.0, and they will phase out the use of OpenID 2.0 completely in the coming monts. We are working on upgrading the SSO server codebase to a newer protocol. That work should be complete by the end of November 2014. In the mean time, anyone is free to use the existing Curoverse SSO server for any local Arvados installation.</p>
+</div>
 
 You can now run the development server:
 
diff --git a/doc/install/install-sso.html.textile.liquid b/doc/install/install-sso.html.textile.liquid
index 2f2ba51..cac720b 100644
--- a/doc/install/install-sso.html.textile.liquid
+++ b/doc/install/install-sso.html.textile.liquid
@@ -4,6 +4,8 @@ navsection: installguide
 title: Install Single Sign On (SSO) server
 ...
 
+{% include 'skip_sso_server_install' %}
+
 <notextile>
 <pre><code>~$ <span class="userinput">cd $HOME</span> # (or wherever you want to install)
 ~$ <span class="userinput">git clone https://github.com/curoverse/sso-devise-omniauth-provider.git</span>
diff --git a/doc/install/install-workbench-app.html.textile.liquid b/doc/install/install-workbench-app.html.textile.liquid
index 055ef47..ea9e73c 100644
--- a/doc/install/install-workbench-app.html.textile.liquid
+++ b/doc/install/install-workbench-app.html.textile.liquid
@@ -73,7 +73,14 @@ aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 Copy @config/application.yml.example@ to @config/application.yml@ and edit it appropriately for your environment.
 
 * Set @secret_token@ to the string you generated with @rake secret at .
-* Point @arvados_login_base@ and @arvados_v1_base@ at your "API server":install-api-server.html
+* Point @arvados_login_base@ and @arvados_v1_base@ at your "API server":install-api-server.html, like this:
+
+<notextile>
+<pre><code>arvados_login_base: https://your.host:3030/login
+arvados_v1_base: https://your.host:3030/arvados/v1
+</code></pre>
+</notextile>
+
 * @site_name@ can be any string to identify this Workbench.
 * If the SSL certificate you use for development isn't signed by a CA, make sure @arvados_insecure_https@ is @true at .
 

-----------------------------------------------------------------------


hooks/post-receive
-- 




More information about the arvados-commits mailing list